Browse Exploit & Auxiliary Modules
The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.
Search for modules
Oracle RDBMS Login Utility
This module attempts to authenticate against an Oracle RDBMS instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options.
Rank
- Normal
Authors
- Patrik Karlsson < patrik [at] cqure.net >
- todb < todb [at] metasploit.com >
References
- http://www.oracle.com/us/products/database/index.html
- CVE-1999-0502
- http://nmap.org/nsedoc/scripts/oracle-brute.html
Development
Similar Modules
- auxiliary/scanner/oracle/emc_sid
- auxiliary/scanner/oracle/isqlplus_login
- auxiliary/scanner/oracle/isqlplus_sidbrute
- auxiliary/scanner/oracle/oracle_hashdump
- auxiliary/scanner/oracle/sid_brute
- auxiliary/scanner/oracle/sid_enum
- auxiliary/scanner/oracle/spy_sid
- auxiliary/scanner/oracle/tnslsnr_version
- auxiliary/scanner/oracle/xdb_sid
- auxiliary/scanner/oracle/xdb_sid_brute
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/oracle/oracle_login
msf auxiliary(oracle_login) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(oracle_login) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/oracle/oracle_login
msf auxiliary(oracle_login) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(oracle_login) > run
Module Options
| BLANK_PASSWORDS | Try blank passwords for all users (default: true) |
| BRUTEFORCE_SPEED | How fast to bruteforce, from 0 to 5 (default: 5) |
| NMAP_VERBOSE | Display nmap output (default: true) |
| PASSWORD | A specific password to authenticate with |
| PASS_FILE | File containing passwords, one per line |
| RHOSTS | The target address range or CIDR identifier |
| RPORTS | Ports to target |
| SID | The instance (SID) to authenticate against (default: XE) |
| STOP_ON_SUCCESS | Stop guessing when a credential works for a host |
| THREADS | The number of concurrent threads (default: 1) |
| USERNAME | A specific username to authenticate as |
| USERPASS_FILE | File containing (space-seperated) users and passwords, one pair per line (default: /home/svn/jobs/msf3/data/wordlists/oracle_default_userpass.txt) |
| USER_AS_PASS | Try the username as the password for all users (default: true) |
| USER_FILE | File containing usernames, one per line |
| VERBOSE | Whether to print output for all attempts (default: true) |
| MaxGuessesPerService | Maximum number of credentials to try per service instance. If set to zero or a non-number, this option will not be used. |
| MaxGuessesPerUser | Maximum guesses for a particular username for the service instance. Note that users are considered unique among different services, so a user at 10.1.1.1:22 is different from one at 10.2.2.2:22, and both will be tried up to the MaxGuessesPerUser limit. If set to zero or a non-number, this option will not be used. |
| MaxMinutesPerService | Maximum time in minutes to bruteforce the service instance. If set to zero or a non-number, this option will not be used. |
| REMOVE_PASS_FILE | Automatically delete the PASS_FILE on module completion |
| REMOVE_USERPASS_FILE | Automatically delete the USERPASS_FILE on module completion |
| REMOVE_USER_FILE | Automatically delete the USER_FILE on module completion |
| ShowProgress | Display progress messages during a scan |
| ShowProgressPercent | The interval in percent that progress should be shown |
| WORKSPACE | Specify the workspace for this module |